[Git][security-tracker-team/security-tracker][master] Reserve DLA-4644-1 for libmatio

Andreas Henriksson (@ah) gitlab at salsa.debian.org
Wed Jun 24 13:13:14 BST 2026



Andreas Henriksson pushed to branch master at Debian Security Tracker / security-tracker


Commits:
46ba0bbc by Andreas Henriksson at 2026-06-24T14:13:08+02:00
Reserve DLA-4644-1 for libmatio

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -94225,7 +94225,6 @@ CVE-2025-50343 (An issue was discovered in matio 1.5.28. A heap-based memory cor
 	[experimental] - libmatio 1.5.30-1
 	- libmatio 1.5.30-2 (bug #1124797)
 	[trixie] - libmatio <no-dsa> (Minor issue, revisit when fixed upstream)
-	[bookworm] - libmatio <no-dsa> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/tbeu/matio/issues/275
 	NOTE: Fixed by: https://github.com/tbeu/matio/commit/41b505410dafaa236b61b52c7910d4c4831404f2
 CVE-2025-15359 (DVP-12SE11T - Out-of-bound memory write Vulnerability)
@@ -193744,12 +193743,10 @@ CVE-2025-2338 (A vulnerability, which was classified as critical, was found in t
 	{DLA-4459-1}
 	- libmatio 1.5.29-1 (bug #1104247)
 	[trixie] - libmatio <no-dsa> (Minor issue)
-	[bookworm] - libmatio <no-dsa> (Minor issue)
 	NOTE: https://github.com/tbeu/matio/issues/269
 	NOTE: Fixed by: https://github.com/tbeu/matio/commit/7b31881ea1da30b075658502961dfcc95353d9ae (v1.5.29)
 CVE-2025-2337 (A vulnerability, which was classified as critical, has been found in t ...)
 	- libmatio 1.5.28-2 (bug #1100992)
-	[bookworm] - libmatio <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - libmatio <not-affected> (Vulnerable code introduced in v1.5.20, commit 67a922f83467d694fa6e)
 	NOTE: https://github.com/tbeu/matio/issues/267
 	NOTE: Introduced with: https://github.com/tbeu/matio/commit/67a922f83467d694fa6e9759ac9a30b6ab82aec4 (v1.5.20)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 Jun 2026] DLA-4644-1 libmatio - security update
+	{CVE-2025-2337 CVE-2025-2338 CVE-2025-50343}
+	[bookworm] - libmatio 1.5.23-2+deb12u1
 [23 Jun 2026] DLA-4643-1 imagemagick - security update
 	{CVE-2026-48733 CVE-2026-48734 CVE-2026-48994 CVE-2026-49218 CVE-2026-53460 CVE-2026-53463}
 	[bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u14



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46ba0bbc7051cacbad98bc45a401722c62c321b3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46ba0bbc7051cacbad98bc45a401722c62c321b3
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260624/1e156764/attachment.htm>


More information about the debian-security-tracker-commits mailing list